Is it prudent to ask if Britain’s nuke subs, which also run Windows XP, have also been hit by ransomware?

Britain’s hospitals have been brought to a standstill because of ransomware infecting obsolete and unpatched Windows XP systems. The same obsolete operating system is powering Britain’s nuclear weapons arsenal. Is it prudent to ask if the British nuclear weapons submarines have been patched against this ransomware, or even hit by it?

As reported in January of last year, Britain’s nuclear submarines still run Windows XP. This is the outdated Microsoft operating system that was vulnerable to ransomware, and which is the reason that practically Britain’s entire healthcare is currently nonfunctional and at a standstill: they ran Windows XP, they did not upgrade, and they did not patch.

(A security patch for this vulnerability has been out since March. Getting hit in May is therefore inexcusable.)

I would argue that hospitals and nuclear weapons platforms are both “mission critical” for a government. It can be safely argued that one is more dangerous than the other, but in terms of how important to society it is to upgrade them and keep them current, they are playing in roughly the same division.

In other words, seeing how Britain has failed to patch its Windows XP systems in mission-critical hospitals, I do not have faith that they have patched all other mission-critical systems – specifically including their nuclear weapons platforms.

Of course, this would all be classified and nobody would ever admit to something like this happening, except possibly fifty years later. But we do know that Britain’s nuclear submarines run Windows XP, and that they had a contract for support which expired in July of last year, and which had an option to extend to July of this year. We also know that Microsoft has issued the security patch whether you are on support or not, so a support contract makes no difference in this case.

We’ve observed that the NSA has a catastrophic conflict between its mission and its methods: it cannot keep a nation safe by simultaneously keeping it unsafe (refusing to fix vulnerabilities).

We’ve also observed that NSA tools will leak to whomever may want them.

We’ve observed that military systems are supposed to be kept separate from the Internet, but that this is frequently ignored. Besides, the same is largely true for mission-critical medical systems. Yes, those at the now-brought-to-standstill hospitals.

Let’s reword this to drive the point home. How likely is it that the United States NSA, through its persistent interest in keeping us unsafe, has managed to hand control of Britain’s nuclear weapons platforms to unknown ransomware authors, perhaps in Russia or Uzbekistan?

Of course, this is just speculation; it is not even hypothesis level. There would be no way for a civilian of knowing whether the subs are vulnerable, or worse, hit.

But given what has already happened, it is not rather relevant speculation that forces a few inconvenient questions?

Rick Falkvinge

Rick is the founder of the first Pirate Party and a low-altitude motorcycle pilot. He works as Head of Privacy at the no-log VPN provider Private Internet Access; with his other 40 hours, he's developing an enterprise grade bitcoin wallet and HR system for activism.

Since I'm not a robot spammer I'm also answering this easy question: − three = five

Discussion

Blank Reg

May 20, 2017

And Microsoft will say…”You shouldn’t be running XP…we stopped supporting it Looooonnnggg ago…Windows 10 is the best and most secure [piece of spyware] EVAH! You need to upgrade! Don’t blame US if you don’t!”

Of course, they COULD have written their own custom made software and run it on Linux so that any Ministry of Defence or Ministry of Health computer whizzkid could check the source code any time they were the least bit worried.
Indeed, on several occasions the British civil service has been advised to dump Microsoft and go open source, but guess which Redmond based monopoly always managed to lobby successfully to keep Microsoft’s expensive rubbish instead?

Unfortunately they’ve upgraded the subs. To windows Vista. But we still have something cool in the pipeline. We shall not stop until we’ll achieve our goals and nothing can stop us at this point. First of all, we need to leak similar tools of the CIA (they are even more powerful). But then, if US government won’t stop spying on ordinary citizens, all the hell will break loose. BTW., Donald – if you’re reading this, we got nuke codes. It isn’t 0000 as we’ve suspected but something equally easy to guess. Also putting your white house internal network password and login on a postit isn’t a best security practice.

Await the next challenge. It will be especially hard next year as in 2018 we’ll need especially smart people to join us.

Meta

All original text on this site is under a Creative Commons Zero license ("public domain"). That includes any comments you submit. Syndicated articles that were first published elsewhere (clearly marked as such) are under the original license, typically a very permissive Creative Commons. Powered by Probewise.